This example demonstrates working with the apps collection (splunkjs.Service.Applications)
and individual apps (splunkjs.Service.Application). This example displays the name of each app in the collection.
The only difference between the two code files, Regular and splunkjs.Async, is that the latter uses the built-in
splunkjs.Async module to simplify asynchronous control flow.
// Every SDK request goes through the "/proxy" endpoint handed to ProxyHttp.
// NOTE(review): the username/password below travel through that endpoint;
// presumably it should be served over HTTPS only -- confirm for your deployment.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Authenticate before touching any collection.
service.login(function(loginErr, success) {
    // A transport error and a rejected login are both treated as failure.
    var loginFailed = loginErr || !success;
    if (loginFailed) {
        console.log("Login failure. Please check your server hostname and authentication credentials.");
        done(loginErr || "Login failed");
        return;
    }

    // Logged in: ask the server for the apps collection.
    service.apps().fetch(function(fetchErr, apps) {
        if (fetchErr) {
            console.log("There was an error retrieving the list of applications:", fetchErr);
            done(fetchErr);
            return;
        }

        // Print one line per app: its position in the list and its name.
        var appsList = apps.list();
        console.log("Applications:");
        appsList.forEach(function(app, index) {
            console.log(" App " + index + ": " + app.name);
        });

        done();
    });
});
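// Every SDK request goes through the "/proxy" endpoint handed to ProxyHttp.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Each step receives the previous step's results followed by `done`;
// the final function receives the first error raised by any step.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Retrieve the apps
        function(success, done) {
            if (!success) {
                // Stop here: without the return, `done` would be called a
                // second time by the fetch below, which would also run
                // without an authenticated session.
                done("Error logging in");
                return;
            }
            service.apps().fetch(done);
        },
        // Print them out
        function(apps, done) {
            var appsList = apps.list();
            console.log("Applications:");
            for (var i = 0; i < appsList.length; i++) {
                var app = appsList[i];
                console.log(" App " + i + ": " + app.name);
            }
            done();
        }
    ],
    function(err) {
        callback(err);
    }
);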
This sample demonstrates working with the saved search collection (splunkjs.Service.SavedSearches)
and individual saved searches (splunkjs.Service.SavedSearch). This example displays the name and
search query for each saved search in the collection.
The only difference between the two code files, Regular and splunkjs.Async, is that the latter uses the built-in
splunkjs.Async module to simplify asynchronous control flow.
// Every SDK request goes through the "/proxy" endpoint handed to ProxyHttp.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Authenticate before touching any collection.
service.login(function(loginErr, success) {
    // A transport error and a rejected login are both treated as failure.
    var loginFailed = loginErr || !success;
    if (loginFailed) {
        console.log("Login failure. Please check your server hostname and authentication credentials.");
        done(loginErr || "Login failed");
        return;
    }

    // Logged in: ask the server for the saved-search collection.
    service.savedSearches().fetch(function(fetchErr, searches) {
        if (fetchErr) {
            console.log("There was an error retrieving the list of saved searches:", fetchErr);
            done(fetchErr);
            return;
        }

        // For each saved search, print its name followed by its query string.
        var searchList = searches.list();
        console.log("Saved searches:");
        searchList.forEach(function(search, index) {
            console.log(" Search " + index + ": " + search.name);
            console.log(" " + search.properties().search);
        });

        done();
    });
});
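// Every SDK request goes through the "/proxy" endpoint handed to ProxyHttp.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Each step receives the previous step's results followed by `done`;
// the final function receives the first error raised by any step.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Retrieve the saved searches
        function(success, done) {
            if (!success) {
                // Stop here: without the return, `done` would be called a
                // second time by the fetch below, which would also run
                // without an authenticated session.
                done("Error logging in");
                return;
            }
            service.savedSearches().fetch(done);
        },
        // Print them out: name first, then the query string
        function(searches, done) {
            var searchList = searches.list();
            console.log("Saved searches:");
            for (var i = 0; i < searchList.length; i++) {
                var search = searchList[i];
                console.log(" Search " + i + ": " + search.name);
                console.log(" " + search.properties().search);
            }
            done();
        }
    ],
    function(err) {
        callback(err);
    }
);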
// Every SDK request goes through the "/proxy" endpoint handed to ProxyHttp.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Authenticate, then create one saved search.
service.login(function(loginErr, success) {
    // A transport error and a rejected login are both treated as failure.
    var loginFailed = loginErr || !success;
    if (loginFailed) {
        console.log("Login failure. Please check your server hostname and authentication credentials.");
        done(loginErr || "Login failed");
        return;
    }

    // Name and query of the saved search to create.
    var savedSearchOptions = {
        name: "My Awesome Saved Search",
        search: "index=_internal error sourcetype=splunkd* | head 10"
    };

    service.savedSearches().create(savedSearchOptions, function(createErr, savedSearch) {
        if (createErr) {
            if (createErr.status === 409) {
                // HTTP 409: the name is already taken. The sample reports
                // this on the console but finishes without an error.
                console.log("ERROR: A saved search with the name '" + savedSearchOptions.name + "' already exists");
                done();
                return;
            }

            // Any other failure is passed on to the caller.
            console.log("There was an error creating the saved search:", createErr);
            done(createErr);
            return;
        }

        console.log("Created saved search: " + savedSearch.name);
        done();
    });
});
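// Every SDK request goes through the "/proxy" endpoint handed to ProxyHttp.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// First, we log in
service.login(function(err, success) {
    // We check for both errors in the connection as well
    // as if the login itself failed.
    if (err || !success) {
        console.log("Login failure. Please check your server hostname and authentication credentials.");
        done(err || "Login failed");
        return;
    }

    var name = "My Awesome Saved Search";

    // Now that we're logged in, fetch the saved searches so we can look up
    // the one we want to delete.
    service.savedSearches().fetch(function(err, savedSearches) {
        if (err) {
            console.log("There was an error in fetching the saved searches");
            done(err);
            return;
        }

        var savedSearchToDelete = savedSearches.item(name);
        if (!savedSearchToDelete) {
            console.log("Can't delete '" + name + "' because it doesn't exist!");
            done();
            return;
        }

        // Wait for the server's answer before reporting success, so a
        // rejected delete (e.g. insufficient permissions) is not logged as
        // "Deleted" and the sample does not finish while the request is
        // still in flight.
        savedSearchToDelete.remove(function(removeErr) {
            if (removeErr) {
                console.log("There was an error deleting the saved search:", removeErr);
                done(removeErr);
                return;
            }
            console.log("Deleted saved search: " + name + "");
            done();
        });
    });
});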
This example demonstrates using the SDK to run searches in Splunk. This example runs the search, displays progress and search statistics (if available), and finally, displays the search results (including some key-value fields).
This example shows different types of searches:
normal: Runs a search with exec_mode=normal, waits until the job is done, and then displays job statistics and search results.
blocking: Runs a search with exec_mode=blocking, which does not return until the job is done. Once the job is done, this example displays
job statistics and search results.
oneshot: Runs a search with exec_mode=oneshot, which does not return until the job is done, and then returns the search results
(rather than the search ID). Once the job is done, this example displays the search results.
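// Every SDK request goes through the "/proxy" endpoint handed to ProxyHttp.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Normal-mode search: create the job, poll it until it is done, then print
// its statistics and results. The final function receives the first error
// raised by any step.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Perform the search
        function(success, done) {
            if (!success) {
                // Stop here: without the return, `done` would be called a
                // second time by the search below, which would also run
                // without an authenticated session.
                done("Error logging in");
                return;
            }
            service.search("search index=_internal | head 3", {}, done);
        },
        // Wait until the job is done
        function(job, done) {
            Async.whilst(
                // Loop until it is done
                function() { return !job.properties().isDone; },
                // Refresh the job on every iteration, but sleep for 1 second
                function(iterationDone) {
                    Async.sleep(1000, function() {
                        // Refresh the job and note how many events we've looked at so far
                        job.fetch(function(err) {
                            if (err) {
                                // A failed refresh never flips isDone, so
                                // ignoring the error would keep polling
                                // forever; end the loop with the error.
                                iterationDone(err);
                                return;
                            }
                            console.log("-- fetching, " + (job.properties().eventCount || 0) + " events so far");
                            iterationDone();
                        });
                    });
                },
                // When we're done, just pass the job forward
                function(err) {
                    console.log("-- job done --");
                    done(err, job);
                }
            );
        },
        // Print out the statistics and get the results
        function(job, done) {
            // Print out the statistics
            console.log("Job Statistics: ");
            console.log(" Event Count: " + job.properties().eventCount);
            console.log(" Disk Usage: " + job.properties().diskUsage + " bytes");
            console.log(" Priority: " + job.properties().priority);
            // Ask the server for the results
            job.results({}, done);
        },
        // Print the raw results out
        function(results, job, done) {
            // Find the index of the fields we want
            var rawIndex = utils.indexOf(results.fields, "_raw");
            var sourcetypeIndex = utils.indexOf(results.fields, "sourcetype");
            var userIndex = utils.indexOf(results.fields, "user");
            // Print out each result and the key-value pairs we want.
            // NOTE(review): _raw and user are printed verbatim from indexed
            // events; outside a demo, consider whether they belong in the
            // browser console.
            console.log("Results: ");
            for (var i = 0; i < results.rows.length; i++) {
                console.log(" Result " + i + ": ");
                console.log(" sourcetype: " + results.rows[i][sourcetypeIndex]);
                console.log(" user: " + results.rows[i][userIndex]);
                console.log(" _raw: " + results.rows[i][rawIndex]);
            }
            // Once we're done, cancel the job.
            job.cancel(done);
        }
    ],
    function(err) {
        callback(err);
    }
);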
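// Every SDK request goes through the "/proxy" endpoint handed to ProxyHttp.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Blocking-mode search: the search call does not return until the job is
// done, so no polling loop is needed. The final function receives the first
// error raised by any step.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Perform the search
        function(success, done) {
            if (!success) {
                // Stop here: without the return, `done` would be called a
                // second time by the search below, which would also run
                // without an authenticated session.
                done("Error logging in");
                return;
            }
            service.search("search index=_internal | head 3", {exec_mode: "blocking"}, done);
        },
        // The job is done, but let's get some statistics from the server.
        function(job, done) {
            job.fetch(done);
        },
        // Print out the statistics and get the results
        function(job, done) {
            // Print out the statistics
            console.log("Job Statistics: ");
            console.log(" Event Count: " + job.properties().eventCount);
            console.log(" Disk Usage: " + job.properties().diskUsage + " bytes");
            console.log(" Priority: " + job.properties().priority);
            // Ask the server for the results
            job.results({}, done);
        },
        // Print the raw results out
        function(results, job, done) {
            // Find the index of the fields we want
            var rawIndex = utils.indexOf(results.fields, "_raw");
            var sourcetypeIndex = utils.indexOf(results.fields, "sourcetype");
            var userIndex = utils.indexOf(results.fields, "user");
            // Print out each result and the key-value pairs we want.
            // NOTE(review): _raw and user are printed verbatim from indexed
            // events; outside a demo, consider whether they belong in the
            // browser console.
            console.log("Results: ");
            for (var i = 0; i < results.rows.length; i++) {
                console.log(" Result " + i + ": ");
                console.log(" sourcetype: " + results.rows[i][sourcetypeIndex]);
                console.log(" user: " + results.rows[i][userIndex]);
                console.log(" _raw: " + results.rows[i][rawIndex]);
            }
            // Once we're done, cancel the job.
            job.cancel(done);
        }
    ],
    function(err) {
        callback(err);
    }
);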
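// Every SDK request goes through the "/proxy" endpoint handed to ProxyHttp.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Oneshot search: the results come back directly from the search call, so
// there is no job to poll or cancel. The final function receives the first
// error raised by any step.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Perform the search
        function(success, done) {
            if (!success) {
                // Stop here: without the return, `done` would be called a
                // second time by the search below, which would also run
                // without an authenticated session.
                done("Error logging in");
                return;
            }
            service.oneshotSearch("search index=_internal | head 3", {}, done);
        },
        // The job is done, and the results are returned inline
        function(results, done) {
            // Find the index of the fields we want
            var rawIndex = utils.indexOf(results.fields, "_raw");
            var sourcetypeIndex = utils.indexOf(results.fields, "sourcetype");
            var userIndex = utils.indexOf(results.fields, "user");
            // Print out each result and the key-value pairs we want.
            // NOTE(review): _raw and user are printed verbatim from indexed
            // events; outside a demo, consider whether they belong in the
            // browser console.
            console.log("Results: ");
            for (var i = 0; i < results.rows.length; i++) {
                console.log(" Result " + i + ": ");
                console.log(" sourcetype: " + results.rows[i][sourcetypeIndex]);
                console.log(" user: " + results.rows[i][userIndex]);
                console.log(" _raw: " + results.rows[i][rawIndex]);
            }
            done();
        }
    ],
    function(err) {
        callback(err);
    }
);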
This example shows how to work with real-time searches. This example runs a real-time search that collects statistics about all events from “now” to infinity (using earliest_time=rt and latest_time=rt).
Once the job is created, this example polls the results every second and displays them.
Because a real-time search is never completed, this example just iterates five times before terminating the loop.
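// Every SDK request goes through the "/proxy" endpoint handed to ProxyHttp.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Real-time search: start the job, print preview results for a fixed number
// of iterations, then cancel the job. The final function receives the first
// error raised by any step.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Perform the search
        function(success, done) {
            if (!success) {
                // Stop here: without the return, `done` would be called a
                // second time by the search below, which would also run
                // without an authenticated session.
                done("Error logging in");
                return;
            }
            service.search(
                "search index=_internal | stats count by sourcetype",
                {earliest_time: "rt", latest_time: "rt"},
                done);
        },
        // The search is never going to be done, so we simply poll it every second to get
        // more results
        function(job, done) {
            var MAX_COUNT = 5;
            var count = 0;
            Async.whilst(
                // Loop for N times. Note that `count` only advances on
                // iterations where the preview actually contained rows.
                function() { return MAX_COUNT > count; },
                // Every second, ask for preview results
                function(iterationDone) {
                    Async.sleep(1000, function() {
                        job.preview({}, function(err, results) {
                            if (err) {
                                iterationDone(err);
                                return;
                            }
                            // Only do something if we have results
                            if (results.rows) {
                                // Up the iteration counter
                                count++;
                                console.log("========== Iteration " + count + " ==========");
                                var sourcetypeIndex = utils.indexOf(results.fields, "sourcetype");
                                var countIndex = utils.indexOf(results.fields, "count");
                                for (var i = 0; i < results.rows.length; i++) {
                                    var row = results.rows[i];
                                    // This is a hacky "padding" solution
                                    var stat = (" " + row[sourcetypeIndex] + " ").slice(0, 30);
                                    // Print out the sourcetype and the count of the sourcetype so far
                                    console.log(stat + row[countIndex]);
                                }
                                console.log("=================================");
                            }
                            // And we're done with this iteration
                            iterationDone();
                        });
                    });
                },
                // When we're done looping, always cancel the job so the
                // real-time search does not keep running on the server, and
                // report a polling error instead of dropping it.
                function(err) {
                    job.cancel(function(cancelErr) {
                        done(err || cancelErr);
                    });
                }
            );
        }
    ],
    function(err) {
        callback(err);
    }
);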
This example shows how you can send data to Splunk over HTTP
from within your application by using the Service.log
method in the JavaScript SDK.
We create a utility Logger class that encapsulates various logging levels,
and we can then simply call logger.log, logger.error, etc.
// Transport: every SDK request goes through the "/proxy" endpoint.
var http = new splunkjs.ProxyHttp("/proxy");

// Service handle built from connection settings defined outside this snippet.
// NOTE(review): the credentials travel through the proxy endpoint above;
// presumably it should be served over HTTPS only -- confirm for your deployment.
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});
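/**
 * Small logging helper that sends every message to Splunk through
 * service.log and echoes the payload to the matching console method.
 *
 * Whatever is passed as `data` is sent to the server and written to the
 * console as-is, so callers should keep secrets (passwords, tokens) out of it.
 */
var Logger = splunkjs.Class.extend({
    /**
     * @param {Object} service  Logged-in service used to submit events.
     * @param {Object} [opts]   Optional event metadata: index, host, source,
     *                          sourcetype (defaults to "demo-logger").
     * @throws {Error} If no service is supplied.
     */
    init: function(service, opts) {
        // Validate first so a half-initialized logger is never left behind.
        if (!service) {
            throw new Error("Must supply a valid service");
        }
        this.service = service;

        opts = opts || {};
        this.params = {};
        if (opts.index) {
            this.params.index = opts.index;
        }
        if (opts.host) {
            this.params.host = opts.host;
        }
        if (opts.source) {
            this.params.source = opts.source;
        }
        // The original guarded this assignment with `if (opts.sourcetype)`,
        // which made the "demo-logger" fallback unreachable.
        this.params.sourcetype = opts.sourcetype || "demo-logger";
    },

    // Builds the event envelope for one message and submits it to Splunk.
    _send: function(level, data) {
        var message = {
            __time: (new Date()).toUTCString(),
            level: level,
            data: data
        };
        this.service.log(message, this.params);
    },

    /** Sends `data` with level "LOG" and echoes it via console.log. */
    log: function(data) {
        this._send("LOG", data);
        console.log(data);
    },

    /** Sends `data` with level "ERROR" and echoes it via console.error. */
    error: function(data) {
        this._send("ERROR", data);
        console.error(data);
    },

    /** Sends `data` with level "INFO" and echoes it via console.info. */
    info: function(data) {
        this._send("INFO", data);
        console.info(data);
    },

    /** Sends `data` with level "WARN" and echoes it via console.warn. */
    warn: function(data) {
        this._send("WARN", data);
        console.warn(data);
    }
});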
// Authenticate, then exercise each logging level once.
service.login(function(loginErr, success) {
    // A transport error and a rejected login are both treated as failure.
    var loginFailed = loginErr || !success;
    if (loginFailed) {
        console.log("Login failure. Please check your server hostname and authentication credentials.");
        done(loginErr || "Login failed");
        return;
    }

    // Logger bound to the authenticated service, with fixed event metadata.
    var loggerOptions = { sourcetype: "mylogger", source: "test" };
    var logger = new Logger(service, loggerOptions);

    // One call per level. The payloads are a string, a string, an array and
    // a nested object, showing that non-string data can be logged as well
    // (the original sample notes this is understood by Splunk 4.3+).
    logger.log("I LOGGED TO SPLUNK - look at your JS console!");
    logger.error("ERROR HAPPENED");
    logger.info(["useful", "info"]);
    logger.warn({"this": {"is": ["a", "warning"]}});

    // The sample finishes here; it does not wait for the log requests.
    done();
});